Wireshark-dev: Re: [Wireshark-dev] extracting isup payload from sigtran / ss7 packets
From: Cristian Constantin <[email protected]>
Date: Thu, 4 Apr 2013 15:59:06 +0200
On Fri, Mar 29, 2013 at 6:19 AM, Hadriel Kaplan <[email protected]> wrote:

Hi Cristian - thanks for example script!
Comments inline...


On Mar 20, 2013, at 1:11 PM, Cristian Constantin <[email protected]> wrote:

> hi!
> I attach a lua script that can extract and dump in a separate file
> isup payloads from either sigtran or ss7 packets.

Do you have a sample capture file to test it against?  The only ones I have with ISUP don't have the data tag you're exporting.

cristian: you mean the pcap has sigtran packets and the test for the m3ua tag number fails?
I could make the tag number configurable...

the pcap is pretty large and I am not sure that I can share it. let me check it
and I will get back to you.

thanks.
cristian



> it can be used as an example on how to extract and manipulate binary
> fields from packets;
> I did not find any other one when I was looking for it.
> for using it you have to download and compile the "struct.so" module from here:
> http://www.inf.puc-rio.br/~roberto/struct/

There are some others out there - some a superset of Roberto's, some completely different.  In your particular case I don't think you needed it - you can convert a number to a little-endian 2-byte/short value with plain Lua, and you can just write binary directly to a file too.

For example instead of this:

    local len = len_number-16
    if(1==debug) then
        print("isup len:", len)
    end
    -- use the i-th isup payload
    len_bin = lib.pack('<H', len)
    for b in string.gfind(len_bin, ".") do
        file:write(b)
    end

Do this:

    local len = len_number-16
    file:write( string.char(len % 256, math.floor(len / 256)) )

-hadriel

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe